1. Field of the Invention
The present invention generally relates to the problem of electronic commercial transactions without disclosure of the customers identity to anyone knowing what is bought and, more particularly, to a system and method which achieve buyer-seller anonymity without any need of knowledge in cryptography nor mastery of computer use by a user beyond usual usage of the World Wide Web (WWW). The present invention provides a method where all services and goods are paid for in a secure way, and inappropriate deliveries, such as contaminated or corrupted files or incorrectly filled orders, may be accounted for and the responsible agent identified in the case that a claim is to be made for losses due to the inappropriate delivery or the customer's need to have the goods replaced.
2. Background Description
In classical retail commerce, the customer could go to a store, pay cash, and carry out what she or he bought while totally preserving her/his anonymity. Electronic commerce now allows home purchase from a variety of merchants, but often at the price of losing anonymity. A huge number of potential customers stay away from remote commerce, now made easy by the World Wide Web (WWW), because they are afraid that once in the system, they would be included in databases that the merchants could exchange for a variety of commercial purposes; otherwise speaking, the so-called “big brother” and invasion of privacy syndromes worry more and more potential electronic business users, thus limiting the expansion of electronic and other forms of remote businesses. It is thus important to have a means to sell goods through the Internet without invading the privacy of the customers and even better preserving their anonymity.
Several solutions to this problem have been proposed. In general to ensure anonymity, one needs some intermediate relay(s) between the customer and the merchant. To protect the system against collusion between agents working for the relays, several relays need to be provided. In order to describe the prior art relevant to this problem, as well as to describe the present invention, we need some concepts and tools from modern cryptography.
More precisely, private key/public key pairs (we also say public encryption schemes), Rabin's IDA (Information Dispersal Algorithm), and secure hash functions (such as the Secure Hash Algorithm (SHA-1)) will be used in this invention. The use of private key/public key pairs, IDA, and of secure hash functions are now well known. A description of these techniques with directions on how to use several of their implementations can be found in Handbook of Applied Cryptography, by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, CRC Press, 1997, and in Cryptography, Theory and Practice by Douglas R. Stinson, CRC Press, 1995. For definitness, each time one uses a private encryption scheme, one can choose the RSA (Rivest, Shamir and Adleman) protocol, described in U.S. Pat. No. 4,405,829 to Rivest et al., as a method to generate and use a secret key/private key (SK/PK) pair in order to allow for public encryption. Several other methods could also be used (see, e.g., the Handbook of Applied Cryptography).
A solution to the problem of buyer anonymity was proposed in the U.S. patent application Ser. No. 09/129,826. This invention was concerned with the problem of buying physical goods such as books or electronic equipment over the Internet. Similar problems have received several solutions in the case that what is bought is information, data, and more generally material which can be transferred in electronic form on the Internet, which is also the problem we consider here. One example is given in the paper entitled “NetBill Security and Transaction Protocol” by B. Cox, J. D. Tygar, an M. Sirbu prepared under Advanced Research Projects Agency contract No. FI9628-95-C-0018, “Electronic Commerce: The Netbill Project.” See, in particular, the paper “Maintaining privacy in electronic transactions” by Benjamin T. H. Cox (Carnegie Mellon University masters thesis, Pittsburgh, Pa., August 1994). As remarked by Cox in section 5.1.3 “Encrypted Multiple Agent”, to really guarantee the customer anonymity, it is important to make sure that no individual forwarding agent knows both participants, so that several collusions are needed among participants to the protocol that one uses.